Wireshark-dev: Re: [Wireshark-dev] TCP Reassembler
From: Richard van der Hoff <[email protected]>
Date: Thu, 9 Aug 2007 00:24:47 +0100 (BST)
On Wed, 8 Aug 2007, Michael Ngo wrote:


I'm not sure if the reassembler is buggy or if I am
using it wrong. I'm using it like this:

tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 12,
                 get_foo_length, dissect_foo_message);

where get_foo_length returns the length of the packet
and dissect_foo_message is my dissector.

I'm totally confused by your description. But Wireshark's attempts at packet reassembly in the face of retransmissions and out-of-order packets are inherently a bit best-effort, as it has to be able to do a reasonable job at reassembly with potentially only a single pass through the traffic. If you really think it could do better, could you supply an example capture with an explanation as to what it's doing wrong?